TY - GEN
T1 - Performance Evaluation of Transport Layer Security in the 5G Core Control Plane
AU - Zeidler, Oliver
AU - Sturm, Julian
AU - Fraunholz, Daniel
AU - Kellerer, Wolfgang
N1 - Publisher Copyright:
© 2024 ACM.
PY - 2024/5/27
Y1 - 2024/5/27
N2 - As 5G is currently being rolled out, security considerations for this critical infrastructure are coming more into focus. The security investigation of the 5G core, as the central element, plays a pivotal role here. The structure of the core is based on a Service-Based Architecture (SBA) consisting of Network Functions (NFs). These NFs communicate via REST/HTTP2 interfaces that can be secured using Transport Layer Security (TLS) for encryption. However, this enhanced security is not enforced by standardization, but is up to the system operator to decide. Therefore, in this work we derive recommendations on when to use TLS. For that, we investigate the overhead of TLS in a simulation based on the open-source frameworks Open5GS and UERANSIM. To measure a user-relevant overhead, we look into 5G's UE registration and Packet Data Unit (PDU) session establishment procedures. By testing 14 of the most relevant cipher suites, our results show that TLS adds no more than 1% of time overhead in a running system. Further, we show cipher suites using ECDSA keys to be faster than the ones using RSA keys. Surprisingly, TLS 1.3 shows a larger performance overhead than its predecessor TLS 1.2. We demonstrate CPU and memory overhead of TLS to be insignificant in the context of the 5G core.
AB - As 5G is currently being rolled out, security considerations for this critical infrastructure are coming more into focus. The security investigation of the 5G core, as the central element, plays a pivotal role here. The structure of the core is based on a Service-Based Architecture (SBA) consisting of Network Functions (NFs). These NFs communicate via REST/HTTP2 interfaces that can be secured using Transport Layer Security (TLS) for encryption. However, this enhanced security is not enforced by standardization, but is up to the system operator to decide. Therefore, in this work we derive recommendations on when to use TLS. For that, we investigate the overhead of TLS in a simulation based on the open-source frameworks Open5GS and UERANSIM. To measure a user-relevant overhead, we look into 5G's UE registration and Packet Data Unit (PDU) session establishment procedures. By testing 14 of the most relevant cipher suites, our results show that TLS adds no more than 1% of time overhead in a running system. Further, we show cipher suites using ECDSA keys to be faster than the ones using RSA keys. Surprisingly, TLS 1.3 shows a larger performance overhead than its predecessor TLS 1.2. We demonstrate CPU and memory overhead of TLS to be insignificant in the context of the 5G core.
KW - 5g
KW - network security
KW - performance measurements
KW - tls
UR - http://www.scopus.com/inward/record.url?scp=85198095686&partnerID=8YFLogxK
U2 - 10.1145/3643833.3656140
DO - 10.1145/3643833.3656140
M3 - Conference contribution
AN - SCOPUS:85198095686
T3 - WiSec 2024 - Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks
SP - 78
EP - 88
BT - WiSec 2024 - Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks
PB - Association for Computing Machinery, Inc
T2 - 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2024
Y2 - 27 May 2024 through 29 May 2024
ER -